{
  "version": "15.0.6",
  "vulnerabilities": [
    {
      "id": "aa24a31ae8fdc7c0e98d73a0757e0e362674ee5d1f7263992d81f58f8a51cb64",
      "description": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.",
      "severity": "Critical",
      "solution": "Upgrade glibc from 2.24-11+deb9u3 to 2.24-11+deb9u4",
      "location": {
        "dependency": {
          "package": {
            "name": "glibc"
          },
          "version": "2.24-11+deb9u3"
        },
        "operating_system": "debian:9",
        "image": "registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e",
        "kubernetes_resource": {
          "namespace": "default",
          "name": "sample-app",
          "kind": "ReplicaSet",
          "container_name": "webgoat",
          "cluster_id": "1",
          "agent_id": "46357"
        }
      },
      "identifiers": [
        {
          "type": "cve",
          "name": "CVE-2017-18269",
          "value": "CVE-2017-18269",
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-18269"
        }
      ],
      "links": [
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-18269"
        }
      ]
    },
    {
      "id": "63d4657e761a98d4adf369ce4ce591879278484ceeadfcfc4692f269479b6a4f",
      "description": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.",
      "severity": "Critical",
      "solution": "Upgrade glibc from 2.24-11+deb9u3 to 2.24-11+deb9u4",
      "location": {
        "dependency": {
          "package": {
            "name": "glibc"
          },
          "version": "2.24-11+deb9u3"
        },
        "operating_system": "debian:9",
        "image": "registry.gitlab.com/gitlab-org/security-products/dast/webgoat-8.0@sha256:bc09fe2e0721dfaeee79364115aeedf2174cce0947b9ae5fe7c33312ee019a4e",
        "kubernetes_resource": {
          "namespace": "default",
          "name": "sample-app",
          "kind": "ReplicaSet",
          "container_name": "webgoat",
          "cluster_id": "1",
          "agent_id": "46357"
        }
      },
      "identifiers": [
        {
          "type": "cve",
          "name": "CVE-2017-16997",
          "value": "CVE-2017-16997",
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-16997"
        }
      ],
      "links": [
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2017-16997"
        }
      ]
    }
  ],
  "remediations": [
    {
      "fixes": [
        {
          "id": "857114844e8ac6cf5c9946ac4d40ab73eccf35df"
        },
        {
          "id": "09675f15e9a285de79a477f12d03bcc08dda8d80"
        },
        {
          "id": "7c07e0b19de5536323882ffb492ec7d3fdf5d029"
        },
        {
          "id": "be0740fbe8024b6041fad1af45062e2acaefb169"
        }
      ],
      "summary": "Upgrade curl to 7.79.1-2.amzn2.0.1",
      "diff": "ZGlmZiAtLWdpdCBhL0RvY2tlcmZpbGUgYi9Eb2NrZXJmaWxlCmluZGV4IDdkNjMzZDkuLjQxYzdhYTQgMTAwNjQ0Ci0tLSBhL0RvY2tlcmZpbGUKKysrIGIvRG9ja2VyZmlsZQpAQCAtMSArMSwyIEBACiBGUk9NIGRlYmlhbjpsYXRlc3QKK1JVTiB5dW0gLXkgY2hlY2stdXBkYXRlIHx8IHsgcmM9JD87IFsgJHJjIC1uZXEgMTAwIF0gJiYgZXhpdCAkcmM7IHl1bSB1cGRhdGUgLXkgY3VybDsgfSAmJiB5dW0gY2xlYW4gYWxs"
    },
    {
      "fixes": [
        {
          "id": "8fbba0e54af83852316315f695164063df348cdf"
        },
        {
          "id": "b5de6ed3b0d1683db14d8d8f10e88bcf8aa9772a"
        },
        {
          "id": "32d836aba4d317bf9f5541255f694d6377103dd0"
        },
        {
          "id": "e7589f575ec9f631ead7b8ecd51c37262ea011a0"
        }
      ],
      "summary": "Upgrade libcurl to 7.79.1-2.amzn2.0.1",
      "diff": "ZGlmZiAtLWdpdCBhL0RvY2tlcmZpbGUgYi9Eb2NrZXJmaWxlCmluZGV4IDdkNjMzZDkuLmY1ZmExM2IgMTAwNjQ0Ci0tLSBhL0RvY2tlcmZpbGUKKysrIGIvRG9ja2VyZmlsZQpAQCAtMSArMSwzIEBACiBGUk9NIGRlYmlhbjpsYXRlc3QKK1JVTiB5dW0gLXkgY2hlY2stdXBkYXRlIHx8IHsgcmM9JD87IFsgJHJjIC1uZXEgMTAwIF0gJiYgZXhpdCAkcmM7IHl1bSB1cGRhdGUgLXkgbGliY3VybDsgfSAmJiB5dW0gY2xlYW4gYWxsCitSVU4geXVtIC15IGNoZWNrLXVwZGF0ZSB8fCB7IHJjPSQ/OyBbICRyYyAtbmVxIDEwMCBdICYmIGV4aXQgJHJjOyB5dW0gdXBkYXRlIC15IGN1cmw7IH0gJiYgeXVtIGNsZWFuIGFsbA=="
    }
  ],
  "scan": {
    "scanner": {
      "id": "starboard",
      "name": "Starboard",
      "url": "https://github.com/aquasecurity/starboard",
      "vendor": {
        "name": "GitLab"
      },
      "version": "0.10.0"
    },
    "analyzer": {
      "id": "gitlab-agent",
      "name": "Gitlab Agent for Kubernetes",
      "url": "https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent",
      "vendor": {
        "name": "GitLab"
      },
      "version": "15.10.0"
    },
    "type": "cluster_image_scanning",
    "status": "success",
    "start_time": "2022-08-10T22:37:00",
    "end_time": "2022-08-10T22:37:00"
  }
}
